Conceivable security risks and authentication techniques for smart devices

With the rapidly escalating use of smart devices and fraudulent transaction of users’ data from their devices, efficient and reliable techniques for authentication of the smart devices have become an obligatory issue. This paper reviews the security risks for mobile devices and studies several authentication techniques available for smart devices. The results from field studies enable a comparative evaluation of user-preferred authentication mechanisms and their opinions about reliability, biometric authentication and visual authentication techniques

Seamless Interactions Between Humans and Mobility Systems

As mobility systems, including vehicles and roadside infrastructure, enter a period of rapid and profound change, it is important to enhance interactions between people and mobility systems. Seamless human—mobility system interactions can promote widespread deployment of engaging applications, which are crucial for driving safety and efficiency. The ever-increasing penetration rate of ubiquitous computing devices, such as smartphones and wearable devices, can facilitate realization of this goal. Although researchers and developers have attempted to adapt ubiquitous sensors for mobility applications (e.g., navigation apps), these solutions often suffer from limited usability and can be risk-prone. The root causes of these limitations include the low sensing modality and limited computational power available in ubiquitous computing devices. We address these challenges by developing and demonstrating that novel sensing techniques and machine learning can be applied to extract essential, safety-critical information from drivers natural driving behavior, even actions as subtle as steering maneuvers (e.g., left-/righthand turns and lane changes). We first show how ubiquitous sensors can be used to detect steering maneuvers regardless of disturbances to sensing devices. Next, by focusing on turning maneuvers, we characterize drivers driving patterns using a quantifiable metric. Then, we demonstrate how microscopic analyses of crowdsourced ubiquitous sensory data can be used to infer critical macroscopic contextual information, such as risks present at road intersections. Finally, we use ubiquitous sensors to profile a driver’s behavioral patterns on a large scale; such sensors are found to be essential to the analysis and improvement of drivers driving behavior.PHDComputer Science & EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttp://deepblue.lib.umich.edu/bitstream/2027.42/163127/1/chendy_1.pd

Seamless Authentication for Ubiquitous Devices

User authentication is an integral part of our lives; we authenticate ourselves to personal computers and a variety of other things several times a day. Authentication is burdensome. When we wish to access to a computer or a resource, it is an additional task that we need to perform~-- an interruption in our workflow. In this dissertation, we study people\u27s authentication behavior and attempt to make authentication to desktops and smartphones less burdensome for users. First, we present the findings of a user study we conducted to understand people\u27s authentication behavior: things they authenticate to, how and when they authenticate, authentication errors they encounter and why, and their opinions about authentication. In our study, participants performed about 39 authentications per day on average; the majority of these authentications were to personal computers (desktop, laptop, smartphone, tablet) and with passwords, but the number of authentications to other things (e.g., car, door) was not insignificant. We saw a high failure rate for desktop and laptop authentication among our participants, affirming the need for a more usable authentication method. Overall, we found that authentication was a noticeable part of all our participants\u27 lives and burdensome for many participants, but they accepted it as cost of security, devising their own ways to cope with it. Second, we propose a new approach to authentication, called bilateral authentication, that leverages wrist-wearable technology to enable seamless authentication for things that people use with their hands, while wearing a smart wristband. In bilateral authentication two entities (e.g., user\u27s wristband and the user\u27s phone) share their knowledge (e.g., about user\u27s interaction with the phone) to verify the user\u27s identity. Using this approach, we developed a seamless authentication method for desktops and smartphones. Our authentication method offers quick and effortless authentication, continuous user verification while the desktop (or smartphone) is in use, and automatic deauthentication after use. We evaluated our authentication method through four in-lab user studies, evaluating the method\u27s usability and security from the system and the user\u27s perspective. Based on the evaluation, our authentication method shows promise for reducing users\u27 authentication burden for desktops and smartphones

Security and Privacy Analysis of Wearable Health Device

Wearable technology allows for consumers to record their healthcare data for either personal or clinical use via portable devices. As advancements in this technology continue to rise, the use of these devices has become more widespread. In this paper, we examine the significant security and privacy features of three health tracker devices: Fitbit, Jawbone and Google Glass. We also analyze the devices\u27 strength and how the devices communicate via its Bluetooth pairing process with mobile devices. We explore possible malicious attacks through Bluetooth networking. The outcomes of this analysis illustrate how these devices allow third parties to access sensitive information, such as the device exact location, which causes the potential privacy breach for users. We analyze and compare how unauthorized parties may access the user data and the challenges to secure user data on three wearable devices (Fitbit, Jawbone, and Google Glass) security vulnerability and attack type

An investigation of electronic Protected Health Information (e-PHI) privacy policy legislation in California for seniors using in-home health monitoring systems

This study examined privacy legislation in California to identify those electronic Protected Health Information (e-PHI) privacy policies that are suited to seniors using in-home health monitoring systems. Personal freedom and independence are essential to a person\u27s physical and mental health, and mobile technology applications provide a convenient and economical method for monitoring personal health. Many of these apps are written by third parties, however, which poses serious risks to patient privacy. Current federal regulations only cover applications and systems developed for use by covered entities and their business partners. As a result, the responsibility for protecting the privacy of the individual using health monitoring apps obtained from the open market falls squarely on the states. The goal of this study was to conduct an exploratory study of existing legislation to learn what was being done at the legislative level to protect the security and privacy of users using in-home mobile health monitoring systems. Specifically, those developed and maintained by organizations or individuals not classified as covered entities under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The researcher chose California due to its reputation for groundbreaking privacy laws and high population of seniors. The researcher conducted a content analysis of California state legislation, federal and industry best practices, and extant literature to identify current and proposed legislation regarding the protection of e-PHI data of those using in-home health monitoring systems. The results revealed that in-home health monitoring systems show promise, but they are not without risk. The use of smartphones, home networks, and downloadable apps puts patient privacy at risk, and combining systems that were not initially intended to function together carries additional concerns. Factors such as different privacy-protection profiles, opt-in/opt-out defaults, and privacy policies that are difficult to read or are not adhered to by the application also put user data at risk. While this examination showed that there is legislative support governing the development of the technology of individual components of the in-home health monitoring systems, it appears that the in-home health monitoring system as a whole is an immature technology and not in wide enough use to warrant legislative attention. In addition – unlike the challenges posed by the development and maintenance of the technology of in-home health monitoring systems – there is ample legislation to protect user privacy in mobile in-home health monitoring systems developed and maintained by those not classified as covered entities under HIPAA. Indeed, the volume of privacy law covering the individual components of the system is sufficient to ensure that the privacy of the system as a whole would not be compromised if deployed as suggested in this study. Furthermore, the legislation evaluated over the course of this study demonstrated consistent balance between technical, theoretical, and legal stakeholders. This study contributes to the body of knowledge in this area by conducting an in-depth review of current and proposed legislation in the state of California for the past five years. The results will help provide future direction for researchers and developers as they struggle to meet the current and future needs of patients using this technology as it matures. There are practical applications for this study as well. The seven themes identified during this study can serve as a valuable starting point for state legislators to evaluate existing and proposed legislation within the context of medical data to identify the need for legislation to assist in protecting user data against fraud, identity theft, and other damaging consequences that occur because of a data breach